664c1f524fdf0e1c9c50776c8bb7473d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

664c1f524fdf0e1c9c50776c8bb7473d_JaffaCakes118
Size

449KB
MD5

664c1f524fdf0e1c9c50776c8bb7473d
SHA1

6cbc9e3baba1f969a2d121441eeb2ee2e96f10f7
SHA256

03ae00f9fec44e8a68cf1fa1ef776935c4a82646489ffa868c271e5546dab58f
SHA512

056919b9f275fdc5f8c75701e48d53179d0db518f08f505b312d4833e299e3f8b4b55d60bcb6eed732554fefe1286a7701a5488e546d14e969ed6212dd272bf5
SSDEEP

3072:XDne18TzZKc1NiVt19s2MJdTnFy3pLrA8wKV6ioa52oigI75ehCb2dbLriMos/C:jzMc1c99s2+dFopLrRjAi7C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
664c1f524fdf0e1c9c50776c8bb7473d_JaffaCakes118

Files

664c1f524fdf0e1c9c50776c8bb7473d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d740f0573630e42499ce9a0c48509268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

3\\qwhW#jerjw\erjw#HJERjwr\\.pdb

Imports

version

GetFileVersionInfoA

advapi32

GetUserNameW
ImpersonateSelf
GetUserNameA
InitializeSecurityDescriptor
LookupPrivilegeNameW
GetEventLogInformation
LookupPrivilegeNameA
IsTokenRestricted

wininet

InternetInitializeAutoProxyDll
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryExW

mscms

GetStandardColorSpaceProfileW

winspool.drv

GetPrinterDriverDirectoryA
DeletePrinterDriverW
FindFirstPrinterChangeNotification

kernel32

FileTimeToSystemTime
GetCompressedFileSizeW
GetProcessId
GetVolumePathNamesForVolumeNameW
GetProfileSectionA
FileTimeToDosDateTime
FindFirstFileExA
DecodePointer
GetStartupInfoA
EnumResourceTypesA
FindResourceW
LockFileEx
LoadResource
FindActCtxSectionStringW
LocalFree
FreeConsole
GetFileAttributesExW
EnumUILanguagesW
LocalHandle
GetSystemDirectoryA
GetCurrentConsoleFont
GetTickCount
GetWindowsDirectoryW
GetShortPathNameW
DeactivateActCtx
GetSystemPowerStatus
GetDefaultCommConfigW
GetVolumePathNameW
GetConsoleCP
GetBinaryTypeA
GetThreadTimes
GetExitCodeProcess
DefineDosDeviceW
GlobalGetAtomNameW
LocalFlags
GetPrivateProfileSectionA
GetConsoleTitleA
VirtualAllocEx
GetModuleHandleW
FlushProcessWriteBuffers
GetOverlappedResult
GetOEMCP
ResumeThread
IsProcessorFeaturePresent
SleepEx
ApplicationRecoveryInProgress
GetLocaleInfoW
GetTempPathA
EnumSystemLocalesA
GetLargestConsoleWindowSize
GetTimeFormatW
DeviceIoControl
GetComputerNameA
GetProcAddress
Sleep
IsValidLocale

ntdll

strcmp
strspn

msvcrt

_time64
fputc
fread
fgetws
fputws
_localtime64

user32

GetSysColorBrush
DeregisterShellHookWindow
DialogBoxParamA
DefFrameProcW
GetUpdateRect
LoadStringW
GetWindowRgnBox
GetCaretPos
FlashWindowEx
ExcludeUpdateRgn
LoadBitmapW
GetClassInfoExA
DrawTextW
LoadMenuA
DestroyCursor
GetKeyboardLayoutList
GetDoubleClickTime
FindWindowA
GetMenuContextHelpId
LoadImageA
GetComboBoxInfo
LoadAcceleratorsW
GetDlgItemInt
GetClassInfoA
ModifyMenuA
GetWindowPlacement
LoadAcceleratorsA
IsRectEmpty
GetClassInfoW
DrawMenuBar
GetWindowThreadProcessId
UpdateWindow
GetScrollInfo
LockSetForegroundWindow
LogicalToPhysicalPoint
DdeSetUserHandle
GetMenuItemID
DestroyWindow
GetTabbedTextExtentA
GetSystemMenu
DefWindowProcW
GetTitleBarInfo
GetCaretBlinkTime
GetMenuStringA
GetClassLongA
GetShellWindow
GetMenuState
LoadCursorFromFileA
GetClientRect
GetSysColor
LoadMenuW
wsprintfA

secur32

InitializeSecurityContextA
EnumerateSecurityPackagesW
GetComputerObjectNameW

powrprof

GetPwrCapabilities

comdlg32

GetOpenFileNameW

shell32

FindExecutableA
ExtractAssociatedIconA
ExtractIconExW

urlmon

GetClassFileOrMime
CoInternetIsFeatureEnabled
FaultInIEFeature

ws2_32

listen

oleaut32

LoadRegTypeLi
VarCyMul
GetRecordInfoFromTypeInfo

gdi32

GetViewportExtEx
GdiSetBatchLimit
SetStretchBltMode
GetTextExtentPoint32W
GetTextFaceA
DeleteMetaFile
GetBitmapBits
GetPath
ExtTextOutA
GetCharWidth32W
RestoreDC
GetTextAlign
GetPaletteEntries
GetTextExtentExPointW
GetTextExtentPointW
FrameRgn
GetObjectW
GetWorldTransform
GetBkColor

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.P
Size: 363KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d740f0573630e42499ce9a0c48509268

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

wininet

mscms

winspool.drv

kernel32

ntdll

msvcrt

user32

secur32

powrprof

comdlg32

shell32

urlmon

ws2_32

oleaut32

gdi32

Sections

.text Size: 39KB - Virtual size: 38KB

.P Size: 363KB - Virtual size: 371KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 39KB - Virtual size: 38KB

.P
Size: 363KB - Virtual size: 371KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 40KB